sasl-host --FQDN--
sasl-realm EVERYBODY.ORG

# Information relevent for replicas
updatedn "UID=SLURPD/STAGING.EVERYBODY.ORG"
updateref ldap://staging.everybody.org/

access to dn=".*o=([^,]+)" attr=userPassword
     by sockurl="^ldapi:///" read
     by dn="UID=SLURPD/STAGING.EVERYBODY.ORG" write
     by anonymous auth

# Domain access -- Each domain can be managed by the 
# administrator group and the toplevel admin group.

access to dn=".*dc=([^,]+),dc=([^,]+),ou=Domains,o=([^,]+)"
     by sockurl="^ldapi:///" read
     by dn="UID=SLURPD/STAGING.EVERYBODY.ORG" write
     by users read
     
access to dn=".*,ou=Roaming,dc=([^,]+),dc=([^,]+),ou=Domains,o=([^,]+)"
     by sockurl="^ldapi:///" read
     by dn="UID=SLURPD/STAGING.EVERYBODY.ORG" write
     by dnattr=owner read

# User modifyable -- Users can change a few attributes in their
# object, we don't want to be bothered for spelling errors.

access to dn=".*o=([^,]+)" attrs=cn,sn,loginShell
     by sockurl="^ldapi:///" read
     by dn="UID=SLURPD/STAGING.EVERYBODY.ORG" write
     by users read
     
access to *
     by sockurl="^ldapi:///" read
     by dn="UID=SLURPD/STAGING.EVERYBODY.ORG" write
     by * read